Saturday, February 11, 2017

Class Availability

The upcoming GroundRod Primer & GroundRod 2 back-to-back courses scheduled for April 27-30 in Clarksville, TN are just about booked full. If you are planning on attending this venue and have not already reserved your seat, you need to get a hold of me as there are only a few seats left.

There are some seats left for the GroundRod Primer & GR2 scheduled for February 24-27 in Columbus, OH due to a couple cancellations.

****

We are looking to set up courses in North Carolina, Florida, Wyoming, Nevada and Hawaii in the coming months. If any of those locations interest you, get a hold of us and we will get the class built.



Thursday, February 9, 2017

GroundRod Primer Course Review via Forward Observer



Sam Culper from Forward Observer hosted a GroundRod Primer down in Austin, Texas last week and just released a course review...

Forward Observer Review


Saturday, January 28, 2017

Encryption Update ** UPDATED **


(Update at the bottom)

So, the NSA and IAD just released an advisory memo directed at US government entities and NGOs/Corporations that deal with classified material. In a nutshell, they are raising the minimum required encryption level for top secret data effective immediately. So instead of referring to the NSA's Suite B cryptography, we will now refer to what they are calling the Commercial National Security Algorithm Suite. The changes are as follows:

Former Suite B standards

- RSA-2048 (Key exchange/Digital Sig)
- ECDH/ECDSA P-256 (Key exchange/Digital Sig)
- AES-128 (Symmetric encryption)
- Diffie-Hellman 2048 (Key exchange)
- SHA-256 (Integrity check/hash)


New NSS standards

- RSA-3072 (Key exchange/Digital Sig)
- ECDH/ECDSA P-384 (Key exchange/Digital Sig)
- AES-256 (Symmetric encryption)
- Diffie-Hellman 3072 (Key exchange)
- SHA-384 (Integrity check/hash)

Okay great.....what does this mean to you?

Well, for one, if the NSA feels there is a threat great enough to warrant raising these standards to protect national security structure, then it only makes sense for the public to do the same. After all, I place a high value on my privacy and the sanctity of my "data".


Things you should be checking:

1. Your VPN provider (you are using a VPN, right?). Most of the providers I recommend already meet or exceed the new standards. There are, however, some that still employ RSA-2048 and AES-128. Find out what your provider is using and if it does not meet the standard as set forth above I would contact them and encourage them to implement it as soon as possible.....or move to a different provider.

2. Your PGP/GPG keys. More and more people are discovering and utilizing GPG encryption for their mail and personal file security. I have noticed though that many of the people that contact me via GPG are still using RSA-2048 keys. I would encourage you to switch to the stronger RSA-4096 keys (or better yet, ECC keys with non-NIST curves....if you are savvy with the terminal).


These couple of steps will greatly increase your personal/business security level and, frankly, are pretty painless to implement.
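One way to run the key check from item 2 across a whole keyring, as an added example (not the author's tooling): it parses the output of `gpg --list-keys --with-colons` and flags keys below the sizes listed in this post. The sample listing is constructed, and holding DSA/ElGamal keys to the DH-3072 figure is an assumption.

```python
import sys

# OpenPGP public-key algorithm numbers as they appear in field 4 of the listing.
RSA = {1, 2, 3}
FINITE_FIELD = {16: "ElGamal", 17: "DSA"}
ECC = {18: "ECDH", 19: "ECDSA", 22: "EdDSA"}

MIN_RSA_BITS = 3072   # "New NSS standards" list: RSA-3072
MIN_FF_BITS = 3072    # assumption: ElGamal/DSA held to the DH-3072 figure
NSS_CURVES = {"nistp384", "nistp521"}      # P-384 floor; P-521 exceeds it
AUTHOR_CURVES = {"brainpoolP384r1", "brainpoolP512r1",
                 "ed25519", "cv25519"}     # curves recommended in the post's update

# Constructed sample listing (key IDs, dates and names are made up).
SAMPLE_LISTING = """\
tru::1:1485561600:0:3:1:5
pub:u:2048:1:1111111111111111:1420070400:::u:::scESC:
uid:u::::1420070400::::Old Key <old@example.invalid>:
sub:u:2048:1:2222222222222222:1420070400::::::e:
pub:u:4096:1:3333333333333333:1485561600:::u:::scESC:
sub:u:4096:1:4444444444444444:1485561600::::::e:
pub:u:256:22:5555555555555555:1485561600:::u:::scESC:::::ed25519:::0:
sub:u:256:18:6666666666666666:1485561600::::::e:::::cv25519::
pub:f:256:19:7777777777777777:1485561600:::-:::scESC:::::nistp256:::0:
pub:r:1024:17:8888888888888888:1262304000:::-:::sc:
"""


def classify(algo, bits, curve):
    """Return (description, verdict); verdict is 'ok', 'below' or 'unknown'."""
    if algo in RSA:
        return f"RSA-{bits}", "ok" if bits >= MIN_RSA_BITS else "below"
    if algo in FINITE_FIELD:
        verdict = "ok" if bits >= MIN_FF_BITS else "below"
        return f"{FINITE_FIELD[algo]}-{bits}", verdict
    if algo in ECC:
        if not curve:
            # Older GnuPG builds omit the curve name; do not guess.
            return f"{ECC[algo]} (curve not listed)", "unknown"
        ok = curve in NSS_CURVES or curve in AUTHOR_CURVES
        return f"{ECC[algo]} {curve}", "ok" if ok else "below"
    return f"algorithm {algo}", "unknown"


def audit_colon_listing(text):
    """Return (record, keyid, description, verdict) per live primary key/subkey."""
    findings = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 5:
            continue                      # uid, fpr, tru ... carry no key size
        if f[1] in ("r", "e"):
            continue                      # revoked or expired: already retired
        try:
            bits, algo = int(f[2]), int(f[3])
        except ValueError:
            continue                      # malformed record, skip rather than crash
        curve = f[16] if len(f) > 16 else ""   # field 17 holds the ECC curve name
        desc, verdict = classify(algo, bits, curve)
        findings.append((f[0], f[4], desc, verdict))
    return findings


if __name__ == "__main__":
    # Pipe in `gpg --list-keys --with-colons`, or run bare to use the sample.
    text = SAMPLE_LISTING if sys.stdin.isatty() else sys.stdin.read()
    for rec, keyid, desc, verdict in audit_colon_listing(text):
        print(f"{verdict:8} {rec} {keyid} {desc}")
```

Subkeys are reported separately because an encryption subkey can be weaker than the primary key it hangs off.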



I should note that you will get hands on experience with these techniques at my GroundRod 2 course.

***  UPDATE ***

We looked at the Suite B standards and the new NSS standards above.....now, here are my recommendations:

For key negotiation/exchange:

      - RSA-4096
      - ECC Brainpool P-384 or P-512
      - ECC Curve25519
      - DH 4096

For symmetric (payload) encryption:

      - Twofish / Threefish
      - Serpent
      - AES-256

For integrity check/hash:

      - SHA-512
      - Whirlpool

As you can see, I favor non-NIST standards as much as possible. For most VPN providers you are stuck with AES for channel encryption; however, Proxy.sh and a couple others are working on implementing Serpent and Twofish as an option.









Wednesday, January 18, 2017

First GroundRod 2 Student Review

I just received a very humbling course review from one of the students from my recent GroundRod 2 course in Arizona. Here it is....


***

Praise for GroundRod2

* K is the Marcus Aurelius of Cyber Privacy and Security.

* Groundrod2 (GR2) was awesome. If you thought Groundrod1 was good, GR2 is even better.

* K is an incredible instructor. He offers a wealth of experience and expertise related to privacy, security and liberty. The course is not just for those who like to be prepared, people who live off-grid, etc. GR2 is a hands-on, cyber security “boot camp” for freedom-loving Americans who cherish their constitutional rights. The training course is immersive, takes place in a small class environment while the goal for students is to leave with cutting-edge skills they can immediately apply in their daily life.

* K’s classes can be understood by individuals as well as both the business and the technical side of any organization. By way of example, K’s military and technical expertise combined with his attention to detail allow him to walk through complex scenarios and use cases with ease while applying risk principles to each situation so students can visualize the best outcome and discern the reasoning behind the analysis.

* K’s course will empower students with the skills and tools needed to win the battle against the wide range of cyber adversaries who want to harm you, your family and your environment.

* GR2 was a high-quality learning experience against a backdrop of constantly changing technologies and threats. Put another way, K’s class is a “Proving Ground” for all the latest, best and most secure technologies to safely and securely communicate.

* It’s clear based on the quality of class instruction and extensive classroom training tasks, K has extensive experience with successful classroom teaching techniques and delivering technical training for adult learners in corporate, government and military environments.

* Heaven forbid, but ... If Weimar Germany in 1923 or Venezuela in 2017 are any indication of what may happen here in the future in the US; If you care about your family, friends and loved ones and want to have the ability to communicate candidly, effectively and securely in a potentially hostile environment, you will want to take this class.

* Most people view insurance as something they need for their car, home or if they die ... for their loved ones after they pass on. Think of K’s class as insurance against “Normalcy Bias”. It’s the elixir against denial for what we already know is a mathematical certainty (the US Government will default on the 20T in national debt in the near future). Very few people have the skills and know-how to communicate securely over long distances with others in a hostile environment. And, you will be equipped with knowledge that will be in exceptionally high demand.

-PN01


***

My thanks to the wonderful students down in Arizona. Their quest for excellence, fearless questioning and overwhelming generosity represent the things that keep me going.



Wednesday, January 4, 2017

Upcoming Courses


GroundRod 2 is here and covers the following:

- Review of GroundRod Primer skills

- Discussion of current events as they relate to privacy, security and liberty

- In depth study of the Invisible Internet Project / I2P

- Setting up anonymous mail service via I2P

- Exploration of Zeronet and other distributed networking systems

- Setting up and using Retroshare with extra anonymity

- The latest in encryption techniques, including ECC

- Setting up open source router firmware

- Metadata analysis

- Testing secure alternatives to Skype and other mainstream teleconferencing software

- The latest in crypto-currency trends, techniques and software

- Real-world tradecraft application

- Setting up resilient, "Ministry of Truth" proof websites

- Hands on training for SEPIO laptop owners

- and tons more.........

***************************

These are the current course dates. Contact me if you want to reserve a seat or if you wish to host a course in your area. Cost is still just $350 (per course).


GroundRod 2                          --  Phoenix, AZ  -- 14-15 January

GroundRod Primer                --  Austin, TX -- 4-5 February    w/ Forward Observer

GroundRod Primer & GR2   --  Columbus, OH -- 24-27 February

GroundRod Primer & GR2   --   Clarksville, TN  --  27-30 April



The privacy fight is far from over folks.......regardless of who is occupying the White House.


** UPDATE **  For those of you attending any of the double classes (GR1 & 2) you only need to make one $100 class deposit as opposed to a $100 deposit twice for each course.

Sunday, December 11, 2016

VERUS Phone Sale


I had several requests to do a sale on the phone as well, so here ya go...

$50 off the next five Verus phone orders until Christmas.


Friday, December 9, 2016

Laptop Holiday Sale

******

I have one compact SEPIO laptop left in stock and ready to ship in time for Christmas. I am also going to knock $100 off the price of the next five laptops sold.


Offer expires on December 17th.


*** EDIT: I also have a small number of 15 inch SEPIOs with the Ultra High Definition/4K screens if anyone is interested. *** 

******

Info on the SEPIO Operating System


I have received a lot of questions regarding the SEPIO laptop and operating system, which run from "how is this system more secure than any other linux system?" to "what the heck is the SEPIO OS?"

So let me try to answer some of the questions...

First off my mission goals with this system:

To create an easy to use yet extremely secure OS that anyone can easily migrate to from Windows or Mac. The defensive measures of the system should require little to no user intervention in order to keep the system safe from outside attack. The applications should cover all the user's basic needs (video, music, editing, email, browsing, messaging, documents, etc) without having to search for extra software. It must have a full suite of security tools such as encryption software, crypto-currency wallets and tools, TOR/I2P/VPN access, and peer-to-peer secure messaging.

We use the model of   Anonymity + Security = Privacy  and personal privacy is a cornerstone of individual liberty.


Now the questions:

1) What makes this more secure than any other linux distribution?

    To start with, Linux is open source (no hidden code), which lends itself to security as it is auditable and transparent. Linux also has some powerful security abilities baked into the kernel although they are often not utilized by most distros. I compile my own kernel with Grsecurity and PaX patches. What is Grsecurity? From their website -

"Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 15 years."

"Only grsecurity provides protection against zero-day and other advanced threats that buys administrators valuable time while vulnerability fixes make their way out to distributions and production testing. This is made possible by our focus on eliminating entire bug classes and exploit vectors, rather than the status-quo elimination of individual vulnerabilities."

"Grsecurity has been developed and maintained since 2001, from the very first 2.4 Linux kernel to the latest and greatest 4.x. In addition to tracking the latest stable kernel, we provide stable releases for both the 3.14 and 4.4 kernels with additional security backports.
We stay on top of -- and in many cases drive -- the state of the art in security research. While the security teams of Linux distributions react to the latest widespread exploit simply by fixing the associated vulnerability, we quickly work in addition to close down any new exploit vectors, reduce the chance of similar vulnerabilities, and insert additional roadblocks for ancillary techniques that made the exploit possible or reliable.
As a result of this extensive approach, it is not uncommon to find in the event of a published exploit, particularly against the kernel, that the exploit's success is prevented by several separate features of grsecurity."

I write custom firewall rules that guard against outside intrusion tactics. I lock down traditional attack vectors like SSH, Telnet, Ping. I block IPv6 traffic as it can lead to potential VPN leaks.

I employ restrictive sandboxing on any web facing applications as well as many other commonly used apps. This applies another layer of protection if an application becomes compromised by keeping it containerized.

On demand anti-virus scanning is built in as well as rootkit and trojan scanning.

I provide pre-configured virtual router and virtual workstations, for isolated and anonymous TOR browsing with randomized MAC addresses and spoofed IPs.

Common exploit avenues such as single-user login, BIOS attacks and bootloader exploits are blocked. The bootloader is password protected and the password is stored hashed.

Full disk encryption (including swap) with strong AES-256-XTS as well as secondary encryption of user folders and tertiary encryption available as needed.

Secure delete function (DoD and Gutmann standards).

Browser and Email client are extremely hardened against attacks and data leaking.

Approved VPN clients are built in as well as a preconfigured free VPN option.

Non-logging DNSSEC DNS servers are enforced as opposed to the standard "google" DNS, which logs every search you make and stores it indefinitely.

Security updates are delivered as soon as they are released from the Debian/Ubuntu/Mint teams.

I could go on, but that covers the primary security differences between SEPIO and something like Ubuntu, Fedora or Suse....not to mention the massive security chasm between SEPIO and Windows/Mac.


2) What is SEPIO OS?

    Well, besides what was already answered above, SEPIO is a security focused distro built on top of Linux Mint. It uses a customized version of the Cinnamon desktop environment. It is a pleasant and easy to use desktop with support for just about every type of video and music format, as well as full photo and document support. You can plug in your email accounts and be off and running in no time. You can easily and safely visit all your favorite websites without fear of compromise. You can enjoy your digital life without the spying and intervention of big corporations, hackers and governments gone crazy.


3) Can I just get the SEPIO OS and install it on my own laptop?

    At present, no. Besides installing the system I have to do a great deal of custom configuration and hardware setup on each build. This would prove a daunting if not frustrating task for even a competent linux enthusiast.










Friday, November 11, 2016

*New Courses Added*



Home Defense Solutions / CQB course added to courses page. Email me to reserve class dates.


Sunday, November 6, 2016

Vehicle Movements in Non-Permissive Environs - PART 2

Low profile


Method of Movement

Due to the fact that it is very difficult for a solitary vehicle to defend itself effectively we will create an SOP that all movements will consist of two vehicles, a lead/primary and a follow/secondary. The primary is tasked with accomplishing the "mission" (picking up a local supporter, etc) while the follow vehicle follows at a safe distance (will vary depending on road/traffic conditions) and provides overwatch.

As an example, let's say that your primary vic (vehicle) is heading down a lightly traveled rural highway with follow vic a quarter mile or so behind. On long straight stretches of highway, follow vic would drift back and increase distance, keeping primary in sight. If the road gets congested or starts winding around, follow would close the distance as needed. The goal here is to keep primary in sight (as well as maintaining comms - we will cover that later) without giving away the fact that you are supporting the primary. You also want to stay within the range capability of your weapon systems (not to mention the operator's expertise level).

Let's say that primary vic is stopped by a local gang's roadblock or perhaps a rogue government agent executes a "pull-over". Follow vic would make comms with primary so as to keep an ear on what was happening and either pull over and prepare to support by fire, or rapidly make approach as the situation dictates. Ideally you would have a minimum of two people in each vehicle. The driver focuses on driving and the passenger/TC deals with operations.

This order of movement can also be reversed with the primary in the rear if you have a high-value person or item inside the primary. The lead vehicle would act as a probe or pointman, keeping the primary vic buffered as needed.

Once primary reaches its target it will notify home/base (using brevity codes unless you are lucky enough to have secure comms). Follow vehicle will park in overwatch or "satellite" the area, depending on the situation. A third vehicle with your QRF (quick reaction force) would be on standby at your home/base for the duration of the mission. In the event that the primary/follow teams need support or rescue the QRF team would launch. The QRF should have your largest vehicle and should be heavily armed. The QRF may need to fill multiple roles including that of ambulance and should have the necessary medical support equipment on board.

Equipping the Rig

We are assuming that you will have only soft-skin (non-armored) vehicles at your disposal as armored vehicles in the US are a rather expensive affair, both in initial cost and upkeep. With that in mind, remember that lacking armor - speed (or mobility) equals security.

This is a basic list for what we would keep in our rigs while operating in said environment:


- Fire extinguisher
- Fix-a-flat and puncture kit (x4)
- Spare tire w/tools
- 110ac power inverter
- binoculars
- seatbelt cutter/window breaker tool
- case of drinking water
- spare magazines for rifles/pistols
- weapons maintenance kit
- basic toolbox
- large bolt cutters
- tow strap/snap-strap
- medical bag
- VS-17 panel (you can make your own if needed)
- IR/WL strobe
- box of caltrops
- smoke grenades (HC and colored)
- road flares
- aerial flare
- spare batteries (for radios, GPS, flashlights, NVGs, etc)
- Jump pack w/air compressor
- compass
- GPS unit
- Radio (GMRS/CB/HAM whatever your unit is using)
- Scanner/Bearcat
- solar charger (for 12v system)
- shovel/pick/e-tool
- poncho liner (especially if in a cold climate)
- lighters/matches
- spare engine fluids
- come-along (if vic does not have a winch)
- gas can
- roll of dark fabric screen or mesh and clothespins
- windshield blocker/dash saver
- Optional - camo netting large enough to cover rig if you need to cache
- and of course, duck tape and 550 cord

Useful but overt bag - consider civilian bag with internal pouches

You can tailor this to fit your needs, but this will give you the basic necessities to keep the vehicle rolling in a bad situation. All "tactical" items such as magazines and long guns should be out of sight to someone walking around the outside of the vehicle. It goes without saying that tinted windows are a huge plus.

Keep in mind this list is separate from your personal go-bag, which may contain some of these items as well.

***

Next article will cover dressing for success.

- Dressing around your equipment
- Low profile fundamentals/establishing baseline
- Long gun storage and deployment
- Body Armor


Soft skin vehicle aftermath - bad day for them






Saturday, November 5, 2016

Vehicle Movements in Non-Permissive Environs - PART 1


There could shortly come a time when a mundane task such as driving into town to pick up a family member could become a seriously dangerous activity. Some of us are used to this concept as we performed it routinely overseas as part of a military unit or a clandestine services unit.
The military unit will for the most part roll out in a heavy or overt-profile; meaning part of the psychological strategy is visibly projecting force....the "you don't want none of this" approach. This approach may work depending on the METT-TC or environmental/situational reality. As many a soldier has learned, in a warzone, this can make you a rather juicy target. This could also be applied to a domestic "grid-down/WROL/SHTF" scenario. The clandestine operator will generally follow a policy of low-profile (or no-profile), meaning they seek to blend into the local environment as neatly as possible. This is for a couple of reasons, most of which should be obvious but let's examine a few.

Decidedly overt ODA gun truck

1. Unlike a military unit with air assets and support forces, the ClanOps generally have very limited, if any support (usually limited to other members of their homogeneous unit).

2. It is usually imperative to the successful outcome of their operation that they draw little if any attention to themselves.

3. A military vehicle patrol/convoy/truck team can have anywhere from 12 men to company strength, while the ClanOps will generally have 2 to 5 men.

4. Military units will move in armored vehicles whenever possible (almost exclusively anymore), while a low-profile armored vehicle may not be available for the ClanOps or fit within the mission parameters.

Where am I going with all this?

The ClanOps model is a logical model for the aforementioned SHTF scenarios we may face domestically. Most of us are going to be limited in manpower to our family/friends or neighborhood defense team members. We want to avoid drawing attention and avoid getting into pitched battles as much as possible. Whereas before we could simply jump in the car and head into town for groceries, in this scenario we will need to start each movement with a plan and movement brief.

Your planning area should include large and small scale maps of your AO (area of operations) and extra maps for extended movements out of area. Ideally your maps would have overlays that indicate the following:

1. Heavy traffic areas
2. Dead ends and choke points (avoidance of likely ambush points)
3. Government/Military facilities
4. Traffic cameras
5. Medical facilities (hospitals, pharmacies, veterinary clinics)
6. Fuel points (public, government, commercial)
7. Resupply areas (stores, caches)
8. Known trouble areas (to be updated daily)
9. Lay-up points / safe-houses

It should also include a radio scanner tuned to all local emergency frequencies, base station units for your particular radio system, cell phones, computers with area webcam feeds/traffic cams and any other comms items you deem necessary.

As part of your pre-movement brief you would draw your primary route, as well as secondary and tertiary routes. You would also label your phase lines or check points as well as your timelines for departure/arrival/return. This gives your backup team/QRF a better idea of where to find you if lines of communication break down.

In the follow-on articles we will discuss:

- Equipping the vehicles
- Maintenance tasks
- Emergency action plans
- Communications
- Personal gear/weapons configurations for low-profile
- Quick Reaction Force duties

Configuring locally sourced vehicles to meet the mission








Monday, October 3, 2016

SEPIO Laptop Details



As many of you know, I have been working on a secure laptop project for the last three years. As all of us increasingly rely on our personal computers for everything from shopping to communication to news and information, it became clear to me that there needed to be a safer option than Windows and Mac, yet still be simple and easy to use. I give you the first version of the SEPIO privacy conscious computer.

Currently I am offering it in 15.6 inch and 13.3 inch versions. The hardware may vary slightly due to availability, but will all be of comparable speed and quality.

Current specs on both models:

- i5-6200U CPU (or comparable AMD cpu)
- 8GB DDR3 RAM
- 500GB hard drive
- 1920x1080 screen (15.6" model), 1366x768 (13.3" model)
- Touchscreen

The RAM can be upgraded to 16GB on request and the HD can be upgraded to a fast 1TB 7200rpm or SSD as well.

The operating system:

- SEPIO OS with Grsecurity/PaX hardened kernel
- Locked BIOS, hard drive and bootloader
- Full disk encryption with AES-256-XTS
- Sandboxing of programs
- Custom firewall
- Built in VPN, TOR, Zeronet and I2P
- Virtual TOR router and workstation
- Software defined radio suite
- Hardened browser and mail client
- Extensive security tools suite
- Crypto wallets (Cloakcoin, Bitcoin, Dashpay, Ethereum, Shadowcash)
- and much more...

Essentially, this is the computer I wanted for myself.

It comes with an RF blocking travel case and cover for the webcam.

Until I get the store page updated, you may order simply by emailing me with your desired model and any customizations you want.

Cost is $950 and $35 for shipping (ask if you need special shipping).
Like my other devices, it is shipped in a locked state and sealed in tamper evident RF blocking container.















Saturday, September 3, 2016

UPDATES - Secure Phone, GroundRod 2, Secure Laptop


So, I have been busy the last several weeks. Here is what's coming up.....


1. The GroundRod Primer in Central Washington State is a go for 17-18 SEP. This will probably be the last Primer before GroundRod 2 starts up. Email if you want to secure a seat.

2. My secure phone project is done (finally). The VERUS 1 is a privacy conscious phone with state of the art hardware. It sports a 6 inch HD screen, quad-core processor and 3GB of system RAM. The VERUS OS is built on AOSP and CM with anything Google removed from the system. It features a lot of the security tools that the LIBERTAS tablet had, plus some new goodies. I will get full specs and pictures posted shortly.

3. I am wrapping up the secure laptop project right now. The first SEPIO laptop run will feature a high end AMD CPU, 16GB RAM, HD screen and 1TB hard drive. The SEPIO OS is a hardened system based on Linux. It provides maximum physical and web facing security as well as an extensive suite of cryptography tools and secure communication options. Despite all this I have managed to keep the system simple and easy to use for people new to linux based systems. You can watch movies, play music and surf the web via TOR/I2P/VPN on a hardened and sandboxed browser. There is nothing on the market right now that even attempts to come close to this level of security.

****

I am sure everyone has heard by now that the US government is about to turn the control of the internet over to the UN/ global entities. We saw this coming a long time ago which is why I have been pushing so hard on this subject the last couple years. You need to learn and practice these skills while you still have a chance. Make no mistake, they aim to seriously clamp down on internet free speech.



Saturday, August 6, 2016

Wyoming GroundRod



If we can get a few more interested parties, I can schedule a Wyoming course for this month.

Let me know...